31 lines
789 B
YAML
31 lines
789 B
YAML
id: solr-admin-query
|
|
|
|
info:
|
|
name: Solr - Admin Page Access
|
|
author: dhiyaneshDK
|
|
severity: high
|
|
description: Solr's admin page was able to be accessed with no authentication requirements in place.
|
|
reference:
|
|
- https://www.exploit-db.com/ghdb/5856
|
|
metadata:
|
|
max-request: 2
|
|
tags: solr,unauth,edb,misconfig
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/admin/'
|
|
- '{{BaseURL}}/solr/admin/'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- '<title>Solr admin page</title>'
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# digest: 490a00463044022058d163ffc9449248324a57e16ddd712089600f3185d5266b7c78dd2f0b818d39022002d583d8ac54152a37cf356a19700170a74776e4b1da5ea8eb2e1b77a5de949b:922c64590222798bb761d5b6d8e72950
|